ClawHub

Agent Builder 1.0.0

v1.0.0

Build high-performing OpenClaw agents end-to-end. Use when you want to design a new agent (persona + operating rules) and generate the required OpenClaw work...

4· 764·5 current·5 all-time
by@icemastert
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the behavior: it builds OpenClaw agent workspaces and iterates on them. It requires no binaries, env vars, or installs. Minor provenance note: published registry ownerId (kn7beqs8...) differs from the _meta.json ownerId (kn79fk2...) and homepage/source are missing — this is a trust/traceability issue but does not affect functional coherence.
Instruction Scope
SKILL.md instructs the agent to ask clarifying questions, generate specific workspace files (IDENTITY.md, SOUL.md, AGENTS.md, etc.), and run acceptance tests. All file reads/writes are limited to agent workspace artifacts and included reference templates; there are no instructions to read unrelated system files, environment variables, or to send data to external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. This is the lowest-risk install model and matches the skill's purpose.
Credentials
The skill requests no environment variables, credentials, or config paths. It does instruct reading/writing workspace files (expected for this purpose). There are no unexplained secret/token requests.
Persistence & Privilege
always is false and disable-model-invocation is default (agent may be invoked autonomously). The skill does not request persistent system-wide privileges or modify other skills. Generating workspace files is normal for this function.
Assessment
This skill appears coherent and low-risk because it's instruction-only and needs no credentials or installs. Before installing/using it: (1) verify the publisher/source if you need supply-chain assurance (registry ownerId vs _meta.json ownerId mismatch); (2) review any generated workspace files (SOUL.md, AGENTS.md, HEARTBEAT.md, MEMORY.md) before enabling autonomous or periodic behaviors; (3) do not put secrets or credentials into the workspace (the references explicitly warn against this); (4) keep HEARTBEAT.md disabled until you trust the agent and run the provided acceptance tests in a controlled environment; (5) if you plan to grant autonomy (allow it to act without prompting), restrict its autonomy level and confirm ask-before-destructive and ask-before-outbound rules are present. If you need stronger assurance, ask the publisher for provenance (source repo or homepage) or run the skill in an isolated/test environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fxmcws1jprvs0b184r84fv981cqkz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments